laughing-lemur.com/WW/SB/
116.203.124.201301 Moved Permanently 162 B URL HTTP/1.1 laughing-lemur.com/WW/SB/
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET /WW/SB/ HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 29 Jan 2023 22:08:26 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://laughing-lemur.com/WW/SB/
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13892
Expires: Mon, 30 Jan 2023 01:59:59 GMT
Date: Sun, 29 Jan 2023 22:08:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13601
Expires: Mon, 30 Jan 2023 01:55:08 GMT
Date: Sun, 29 Jan 2023 22:08:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 21:35:38 GMT
content-type: application/json
age: 1969
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6395
Expires: Sun, 29 Jan 2023 23:55:02 GMT
Date: Sun, 29 Jan 2023 22:08:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iAVqOSUorLE8LNyguJtdFYFqCTGYEBU+jaGSlUUKq+6EtxuFpmSUvBsTE5/6rFVZCVTAHGon2kflbls3OU1rlg==
x-amz-request-id: CSBGNYBRNTAANPBF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 21:21:32 GMT
age: 2815
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d1fbff3cb8b5d1346805cd3a063ba751
d6a9e32a9c9629907970e6f7d2fae5d507cb353f
933eea3caa8591fe4ade8217c4fa34e38ff37c1656c8b3a2aee3fe5243b990bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "933EEA3CAA8591FE4ADE8217C4FA34E38FF37C1656C8B3A2AEE3FE5243B990BF"
Last-Modified: Sun, 29 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12774
Expires: Mon, 30 Jan 2023 01:41:21 GMT
Date: Sun, 29 Jan 2023 22:08:27 GMT
Connection: keep-alive
laughing-lemur.com/WW/SB/style.css
116.203.124.201200 OK 2.3 kB URL HTTP/2 laughing-lemur.com/WW/SB/style.css
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2332), with no line terminators
Hash 955c1d9b95fb7c9b743726bffc073da7
60ef6f9baf9211f74d765370f2c9565171bb0711
79e220d0cc09b63de81927cf8f76ac3f29b928a61f7dbd022e9124993e600d4f
GET /WW/SB/style.css HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: text/css
content-length: 2332
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-91c"
expires: Sun, 05 Feb 2023 22:08:27 GMT
cache-control: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/logo.png
116.203.124.201200 OK 947 B URL HTTP/2 laughing-lemur.com/WW/SB/logo.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 33945cc89eb107c9dc76a136c80d334f
20345714ea8b7a13a5a26b78d76a2d370516d1e8
b7abb33953367ca8cbd7992cfac8d74385407227e3de75105ee9cfbf38070a41
GET /WW/SB/logo.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/png
content-length: 947
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-3b3"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/
116.203.124.201200 OK 6.3 kB URL HTTP/2 laughing-lemur.com/WW/SB/
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
Hash 80632027270a1ce8743fa4c467557694
894a0b2c023669bb812513423977d5068f11c1a9
51022bade4c3e256f174dffd209cbc7ddd74d7c6b3c2cc8939154274284d18a1
Analyzer Verdict Alert fortinet Malware
GET /WW/SB/ HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: text/html
last-modified: Thu, 29 Sep 2022 13:16:32 GMT
etag: W/"63359ab0-1717"
content-encoding: gzip
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/arrow.png
116.203.124.201200 OK 343 B URL HTTP/2 laughing-lemur.com/WW/SB/arrow.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 12 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash c73ad1b4a907d4d7a112253bd6d326fb
29f9917836224c3d7188c1a0e24b5bb81e2bf462
5f43899197d72dd57f227ae6741b80791fd187b8f11bad546dffbaf2e3743523
GET /WW/SB/arrow.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/png
content-length: 343
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-157"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/888.jpg
116.203.124.201200 OK 2.6 kB URL HTTP/2 laughing-lemur.com/WW/SB/888.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 97x49, components 3\012- data
Hash 6e181a5198429bd5dc35c1a92f12e151
0c8682a58ee05fefe9da3c0cce995efaadf89398
a8e15586ce9e1f0e25da37516d4aa232bc0b14eaca4edc1c2bd2f03dbc8026f6
GET /WW/SB/888.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/jpeg
content-length: 2647
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-a57"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
laughing-lemur.com/WW/SB/ggbet1.jpg
116.203.124.201200 OK 3.4 kB URL HTTP/2 laughing-lemur.com/WW/SB/ggbet1.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 98 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash b674463255d4bf4035b934e400a9b4ae
3bc0701cf4ce1649700c74f1c39c6b69ab20fab6
1a3863425abe5597f1ab325154a20b2d7c1104df0ff1cda7aef6ef00aa46d4f4
GET /WW/SB/ggbet1.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/jpeg
content-length: 3350
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-d16"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/begambleaware.png
116.203.124.201200 OK 2.8 kB URL HTTP/2 laughing-lemur.com/WW/SB/begambleaware.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 116 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash c994f474dca6804ccc5d9fcbd825c127
3bef6c2a02045cb8e3643462f11824c4cf3d7832
8afe943621b346d68d17f9764c8b1890d92459d738025bbf7ab6f79f6b2fa89f
GET /WW/SB/begambleaware.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/png
content-length: 2804
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-af4"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/gamcare.png
116.203.124.201200 OK 1.1 kB URL HTTP/2 laughing-lemur.com/WW/SB/gamcare.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 7bdf9f20366b5636bc698de6e866ffc2
bbef31f004b068961441662ac0e7699905282dd9
70f114ad6d1b1bded9a33e3065aef7d7fbd39da53c8af508321a2ebce6d0e1f7
GET /WW/SB/gamcare.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/png
content-length: 1100
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-44c"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/18.png
116.203.124.201200 OK 1.5 kB URL HTTP/2 laughing-lemur.com/WW/SB/18.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 87d2ca45eb79db526b5d40919e3aabde
0b49095eb96eeff3651587f3a7f985d929227285
c2df13c5fde252964991099d203d6f5f12e0db23d9cf8971e89475fccc8776c1
GET /WW/SB/18.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/png
content-length: 1468
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-5bc"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 21:49:04 GMT
age: 1163
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securely-send.com/storage/CMdP1H3Z9HlefCQpTg5ix1xhs3juAfSK.js
161.35.78.172200 OK 37 kB URL HTTP/2 securely-send.com/storage/CMdP1H3Z9HlefCQpTg5ix1xhs3juAfSK.js
IP 161.35.78.172:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (36785), with no line terminators
Hash 3c0cb3af71f121d56d51f3bd00d7f9ba
7c7730e3057f3412e1149edf436bbbe24a8b0034
e2cd5a61924ab39babd7f2deb8c5a9709d08faab2e6def8ceb1329f4c3d7dfde
Analyzer Verdict Alert fortinet Phishing
GET /storage/CMdP1H3Z9HlefCQpTg5ix1xhs3juAfSK.js HTTP/1.1
Host: securely-send.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 36785
last-modified: Tue, 17 Jan 2023 14:00:34 GMT
etag: "63c6aa02-8fb1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://laughing-lemur.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 07:08:09 GMT
expires: Sat, 27 Jan 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 226818
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600&display=swap
142.250.74.106200 OK 297 kB URL HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600&display=swap
IP 142.250.74.106:0
Size 297 kB (297245 bytes)
Hash 579b364c4af08a24899fc98b057b603d
c5040189c9de24303878c428eada608898b2ced3
334cd55cad343a7af44bd831da2c5a276ed6f26f3c81bb3b1da4d1700643d480
GET /css2?family=Montserrat:wght@300;400;500;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 22:08:27 GMT
date: Sun, 29 Jan 2023 22:08:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12119
Expires: Mon, 30 Jan 2023 01:30:26 GMT
Date: Sun, 29 Jan 2023 22:08:27 GMT
Connection: keep-alive
laughing-lemur.com/WW/SB/hero-bg.jpg
116.203.124.201200 OK 510 kB URL HTTP/2 laughing-lemur.com/WW/SB/hero-bg.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=16, height=3718, bps=0, PhotometricIntepretation=RGB, description=Soccer closeup. Leg of soccer player on the ball. Soccer background. Day stadium., orientation=upper-left, width=4719], baseline, precision 8, 1254x836, components 3\012- data
Size 510 kB (510454 bytes)
Hash ace666e983ed7bad442a91bb0a708589
1cd2825b2f15c89ce1a13b34b2101f5dce8cb0d7
b16b98ab9ed64f409952bb93319ef1a65144f4e37eb601a10937586969c0de86
GET /WW/SB/hero-bg.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/jpeg
content-length: 510454
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-7c9f6"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/favicon.ico
116.203.124.201200 OK 32 kB URL HTTP/2 laughing-lemur.com/favicon.ico
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel\012- data
Hash cc859fa0d6660ee587b0edcd03744dd7
7f36f62ca571d94292242f777bce7cce55c55065
f476190c67553763999acc4d90f8f0257828e7eb0728bc2bef0a8dae7d83cf02
GET /favicon.ico HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: image/x-icon
content-length: 32038
last-modified: Wed, 13 Oct 2021 10:42:35 GMT
etag: "6166b81b-7d26"
expires: Tue, 28 Feb 2023 22:08:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 23c0e6587e8a63c6a26973ab036f42d8
d9895035b63520fd202cacf2a2b055e16b69b6ca
a451171fd28214bb2eac9e24f2b204db14a2ba3d27123dbe7c3c2a20c910fd7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 372
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Etag: "63d58a1e-116"
Last-Modified: Sun, 29 Jan 2023 22:02:16 GMT
Server: ECS (amb/6BAD)
X-Cache: HIT
Content-Length: 279
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9aa60cb6faa65105af7bfd4eed8473c5
7f46abde58195ef264b6474cf0e17bbc8577baf7
6f845df8c719f847a98bf2734bac93c15f6868c41751e7daf13672981c71ccd8
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1788
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Last-Modified: Sun, 29 Jan 2023 21:38:40 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 23c0e6587e8a63c6a26973ab036f42d8
d9895035b63520fd202cacf2a2b055e16b69b6ca
a451171fd28214bb2eac9e24f2b204db14a2ba3d27123dbe7c3c2a20c910fd7b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 372
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Last-Modified: Sun, 29 Jan 2023 22:02:16 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
ic.aff-handler.com/c/47824?sr=1860383
217.147.127.42302 Found 319 B URL HTTP/1.1 ic.aff-handler.com/c/47824?sr=1860383
IP 217.147.127.42:0
ASN #201071 Virtual Internet Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d5a9d6910b34e7b111656749c1fbd555
19f4344413e7fd0bd195871d89494cd5d8c70281
cdc0ba615c731ee56dbd41ebb3a2b5b3f5f22a269e6a661faedd2510280c8ba9
GET /c/47824?sr=1860383 HTTP/1.1
Host: ic.aff-handler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: 0
Location: https://www.888casino.com/promotions/welcome-bonus-offer/#tc?sr=1860383&mm_id=47824&utm_source=aff&utm_medium=casap&utm_content=100136647&utm_campaign=100136647_1860383_nodescription
Server:
X-AspNetMvc-Version: 4.0
Set-Cookie: uffiliate_click_47824_1860383_=uffiliate_click_47824_1860383_; expires=Tue, 28-Feb-2023 22:08:28 GMT; path=/; SameSite=None; Secure
srv: 1231321
Date: Sun, 29 Jan 2023 22:08:28 GMT
Content-Length: 319
push.services.mozilla.com/
52.35.120.215101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.120.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jp8tNO9lEa3dNa8LDgfMhg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bn7tV2kH4Ll0+XiYXFPHWYxyOz8=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c8498da29c27949d467aa891fe4c50b9
2190c31fc03012253dd89a7bc9fcaabfa762748f
dc358bfa2f7333e70cd8c6cf915d831b76aeadc5549f8723b7b235a583617b24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1614
Cache-Control: max-age=153824
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Etag: "63d69dee-117"
Expires: Tue, 31 Jan 2023 16:52:12 GMT
Last-Modified: Sun, 29 Jan 2023 16:25:18 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
coffee2play.com/static/template/60/img/logo.gif
104.21.49.130200 OK 245 kB URL HTTP/2 coffee2play.com/static/template/60/img/logo.gif
IP 104.21.49.130:0
File type GIF image data, version 89a, 838 x 428\012- data
Size 245 kB (245203 bytes)
Hash 34a4d79af7e2cc77974498de81649003
eb806366fcd35726a9adcb436dd8246aabc9bc6f
e15d400e56a42cfc461cb6947f1f05bd5e49df947beb321a6813363d82f1933c
GET /static/template/60/img/logo.gif HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: image/gif
content-length: 245203
last-modified: Thu, 12 Jan 2023 08:13:48 GMT
etag: "63bfc13c-3bdd3"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9fqLpK4vqxCqx43er6PA3tEqnnz8hPhOWpwK%2BN4Xm0ASP%2Fsnc%2FUHClnHCE8ib6cO1SFALTEgBKmuqKZbKBCDtprFQQgfayeXPDl2fov3%2FKxozwIBssKE0c76qx30GAH0lE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79154960aea70b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 2183b6c84c5c58358d1663b15acfa6f2
24aa04caa9c17604aa556cfd555b6582f5f96b98
6682787e86e91a9f5a04183368930c2b97bb74668e1a85e72e3acb7b78278d51
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=133772
Date: Sun, 29 Jan 2023 22:08:28 GMT
Etag: "63d640e9-1d7"
Expires: Tue, 31 Jan 2023 11:18:00 GMT
Last-Modified: Sun, 29 Jan 2023 09:48:25 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6ZC1GBJHU8wuipdBcrBH4ndY-TDbhn8mmtcVIdwKdnw66DkqcG51FQ==
Age: 5375
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 27908edc98bf3f7da44fc41c7445bef4
135bc9610628cb10c39ebd88f7d83f2a7df78edc
b3c2f95ae9f79a3d33436f154be04f790dab1baf114c5a28d606eb120887c4b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Etag: "63d66b3c-117"
Server: ECS (amb/6BAD)
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5RMQ4SV
142.250.74.40200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5RMQ4SV
IP 142.250.74.40:0
File type ASCII text, with very long lines (1759)
Hash 95864884b738317d216b01bddbc1f3e3
29f5824fbfb70a91075c50efdc172bf93be08c79
c7103a7ea0b1912bf3a940698609e5e91831beb967a88154f13d1eadbd8c1d71
GET /gtm.js?id=GTM-5RMQ4SV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 29 Jan 2023 22:08:28 GMT
expires: Sun, 29 Jan 2023 22:08:28 GMT
cache-control: private, max-age=900
last-modified: Sun, 29 Jan 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46270
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
coffee2play.com/js/utils.js
104.21.49.130200 OK 1.7 kB URL HTTP/2 coffee2play.com/js/utils.js
IP 104.21.49.130:0
Hash 5b10b5ae27e08cab0a920557096d39f1
cc4c716ed93def2d871e6c5a85e46003cb49e4fb
902e71e7089fdfc954f511ad7699bfa9c3adf9e546f0d1612e6cbed2645db331
GET /js/utils.js HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: application/javascript
last-modified: Thu, 12 Jan 2023 08:13:48 GMT
etag: W/"63bfc13c-ced"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wkEWyg6Xn6sh5yDuPuA0Wh6ItZykLjwiMiiTdcfNHgOMYtvMqKmfSXh4C3oHHkQX0KqN2%2F7S3IbHe%2BBe1dwpRdLw5BTNdzCSGgxsn4Mziz68WPzW6%2FcA8HzErfHggABY4iQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79154960aea40b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.exoclick.com/tag_gen.js
205.185.216.10200 OK 515 B URL HTTP/1.1 a.exoclick.com/tag_gen.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (1030), with no line terminators
Hash 628e0302068ade64b5f411f39d5ce7e5
ff1a609269f34bad5ae67ed1678df3f7b905d018
c583ceaeae2e9a05e25c27b61520710f16b8b98ca7f9087a75ae90a040b8bc3f
GET /tag_gen.js HTTP/1.1
Host: a.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 22:08:28 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 515
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"a56c0470b9aa925085e51a6271a"
X-HW: 1675030108.dop024.sk1.t,1675030108.cds021.sk1.shn,1675030108.dop024.sk1.t,1675030108.cds251.sk1.c
Access-Control-Allow-Origin: *, *
gg.bet/blank.gif?1675030117517
203.29.52.121200 OK 43 B URL HTTP/2 gg.bet/blank.gif?1675030117517
IP 203.29.52.121:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675030117517 HTTP/1.1
Host: gg.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 0
x-frame-options: DENY
x-request-id: dcca53c1-8db1-4c19-a64a-578580e088ea
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79154961687fb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gbett1.net/blank.gif?1675030117515
203.32.121.98200 OK 43 B URL HTTP/2 gbett1.net/blank.gif?1675030117515
IP 203.32.121.98:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675030117515 HTTP/1.1
Host: gbett1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 0
x-frame-options: DENY
x-request-id: 1fa149a0-6f3d-4886-afb0-486a6b77c41c
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 791549615b67fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ggbets1.net/blank.gif?1675030117516
203.30.189.19200 OK 43 B URL HTTP/2 ggbets1.net/blank.gif?1675030117516
IP 203.30.189.19:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675030117516 HTTP/1.1
Host: ggbets1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 0
x-frame-options: DENY
x-request-id: a677a2fa-9a7e-4439-8ee0-b1fda494a46a
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79154961aab6b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 124e519837484fe7578b3eb0ceab2837
eeab36fafb99453b117caa12a1785d441cf7f176
d62150fde0904b3d1c99b979624cdf782075199496af19583a1fe2a95d2f148c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Etag: "63d57691-116"
Server: ECS (amb/6BAD)
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 27908edc98bf3f7da44fc41c7445bef4
135bc9610628cb10c39ebd88f7d83f2a7df78edc
b3c2f95ae9f79a3d33436f154be04f790dab1baf114c5a28d606eb120887c4b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=139232
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:08:28 GMT
Etag: "63d66b3c-117"
Expires: Tue, 31 Jan 2023 12:49:00 GMT
Last-Modified: Sun, 29 Jan 2023 12:49:00 GMT
Server: nginx
Content-Length: 279
sat.crwds.net/p/gnt908wk0bl6xyll5bj94zafs74gwo53/35a01d7ec12100839d2d236ff4eaec11.jpg
203.30.191.209200 OK 20 kB URL HTTP/2 sat.crwds.net/p/gnt908wk0bl6xyll5bj94zafs74gwo53/35a01d7ec12100839d2d236ff4eaec11.jpg
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
File type gzip compressed data, max compression\012- data
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /p/gnt908wk0bl6xyll5bj94zafs74gwo53/35a01d7ec12100839d2d236ff4eaec11.jpg HTTP/1.1
Host: sat.crwds.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: image/jpeg
cache-control: no-cache, private
set-cookie: _7jt1oxhp4z=eyJpdiI6Ik1XaWlrSGozYno1UmdWUm91YUkwSVE9PSIsInZhbHVlIjoiaTZPWEFsTXVLNW5OeEMrcEZSTDFqTHQ2NTY1UEkvY1daQmpGUEdwR2taL3FsQWIzUkYrb2JMSHA1a3c4U1owYi9KV2NXZVpNNmdqdVdtUmpkb1hnZDdPSk9rMW5VM0krRXE5ZVZZeWJFcFk9IiwibWFjIjoiYWUxNWMwZmMyODQzYThhZjVlYjNhZmIxMmU5NTZmYjNiYThlOWJkNjYyZTY0MGM5ZDQzOThjNDg4NTY4OTg4YyIsInRhZyI6IiJ9; expires=Mon, 29-Jan-2024 22:08:28 GMT; Max-Age=31536000; path=/; domain=.crwds.net; secure; httponly; samesite=none
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79154963bc201bfe-OSL
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 2183b6c84c5c58358d1663b15acfa6f2
24aa04caa9c17604aa556cfd555b6582f5f96b98
6682787e86e91a9f5a04183368930c2b97bb74668e1a85e72e3acb7b78278d51
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 22:08:29 GMT
Last-Modified: Sun, 29 Jan 2023 21:56:55 GMT
Server: ECS (bsa/EB1F)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0z2XUc2fwk-8bQ25M4zOZ6YaXjTCq5ug5ZAMm-yVuOfr6TnVysBaKw==
Age: 694
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Mon, 30 Jan 2023 00:25:56 GMT
Date: Sun, 29 Jan 2023 22:08:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Mon, 30 Jan 2023 00:25:56 GMT
Date: Sun, 29 Jan 2023 22:08:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Mon, 30 Jan 2023 00:25:56 GMT
Date: Sun, 29 Jan 2023 22:08:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8247
Expires: Mon, 30 Jan 2023 00:25:56 GMT
Date: Sun, 29 Jan 2023 22:08:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b9e50f-b1f6-4665-acd6-9532ce741c2f.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b9e50f-b1f6-4665-acd6-9532ce741c2f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d04b173ecc22c619998bda87a8f9ce70
9e3c3ac1b5a8a5fcee6d1b0db1a61b71948d5fe5
c30fbd2807e36b637bd1382a955c34abb4fe88b99173692530d288fff0986896
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b9e50f-b1f6-4665-acd6-9532ce741c2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8739
x-amzn-requestid: 591edd56-d422-459f-8934-532106be7e90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_quGvkoAMFWQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44644-5bda946b19b8abc54d324bab;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:46:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yAWADPixWRJsEV9OqvunQGhVHlobpluc-VwHlhq1psEwNh_ignw-dQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:58:32 GMT
age: 597
etag: "9e3c3ac1b5a8a5fcee6d1b0db1a61b71948d5fe5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sat.mengapemic.net/gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w137480c102879l8364gnop1231_&visitorId=63d6ee5cda81a3016e0b5252
203.30.191.209200 OK 51 kB URL HTTP/2 sat.mengapemic.net/gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w137480c102879l8364gnop1231_&visitorId=63d6ee5cda81a3016e0b5252
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
Hash a582e924d085c25e80aaeb78550f0625
07591ffc014a09a86b057abef52a2cf4b802c2a0
287d57499cfa1a487603535640ec950fa03778e81295b7309921347232db1707
GET /gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w137480c102879l8364gnop1231_&visitorId=63d6ee5cda81a3016e0b5252 HTTP/1.1
Host: sat.mengapemic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: application/javascript
cache-control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
last-modified: Sun, 29 Jan 2023 22:08:28 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 79154960dbe7b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 82561
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type gzip compressed data, max compression\012- data
Hash e463e2360ab6331cfa20aea44d98687d
801b42d9b26465ce732a0192d0f12f918902d3c9
e3f54cf8da70b8064edb7d5142bb2c2a2b392b75b2acda333749b138b8cd2940
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 60260
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:26:16 GMT
age: 60133
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
104.21.49.130200 OK 12 kB URL HTTP/2 coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
IP 104.21.49.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (505)
Hash 17fb5a92ce175030dba8b60a2d9387e3
80baeeb4da9968efefea6911669c6da05bcab0e1
5cc18911bb3c917aee79efcbd0bf981f2eb91d97b50234c57de242fbf2b95452
GET /?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA== HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: visit18702b69116a22c9b3543e7d58655920=1; expires=Tue, 28-Feb-2023 22:08:28 GMT; Max-Age=2592000
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XjWc2Tod%2ByijxA8UjL%2B5KrlJ4xpwafJF%2FrZRMQFJE2J5zXYMssXtpUWHF%2BbgFKvYy9QJqq%2FE91kGSq%2BYv4RRDutLODknfcA%2FTO%2FPwIw27hcCD3iQOT3D01Z6oXP9uLbYEMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791549600df10b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
coffee2play.com/js/redirector.js?1673511228
104.21.49.130200 OK 0 B URL HTTP/2 coffee2play.com/js/redirector.js?1673511228
IP 104.21.49.130:0
GET /js/redirector.js?1673511228 HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: application/javascript
last-modified: Thu, 12 Jan 2023 08:13:48 GMT
etag: W/"63bfc13c-cba"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAFi2HaHVESkDpk5S6g1UrQho6zt1Jl0LAPq0%2FoMnIstnsD2IbJn6KYdaTeiQxtLvhbM5X7fqbr2JJHH8kfi7vCKUz30VQGctXErRpYFIQ4OshstYe6a%2BOv4T%2B6ziETcxWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79154960aea60b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ggbetpromo.com/l/61a8cb4aade10011a3361d82
104.21.51.166302 Found 0 B URL HTTP/2 ggbetpromo.com/l/61a8cb4aade10011a3361d82
IP 104.21.51.166:0
GET /l/61a8cb4aade10011a3361d82 HTTP/1.1
Host: ggbetpromo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: text/html; charset=UTF-8
location: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NnelQX2av%2BINCGiw6qDzsAuAujsvuz2V%2F6JgCQ%2BZMmcKrVSmtN7xjE0t6jOSVcVA9va4GKmrVexZyuMZcuVYfowjLmIW0mAV1ADeNyrtgjgNUq8KKBmOuVa06bSR5%2B1WfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7915495f69fc0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sat.mengapemic.net/ie/js/35a01d7ec12100839d2d236ff4eaec11
203.30.191.209200 OK 0 B URL HTTP/2 sat.mengapemic.net/ie/js/35a01d7ec12100839d2d236ff4eaec11
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
POST /ie/js/35a01d7ec12100839d2d236ff4eaec11 HTTP/1.1
Host: sat.mengapemic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4032
Origin: https://coffee2play.com
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:30 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: https://coffee2play.com
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7915496d3de1b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
coffee2play.com/js/base64.js
104.21.49.130200 OK 0 B URL HTTP/2 coffee2play.com/js/base64.js
IP 104.21.49.130:0
GET /js/base64.js HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: application/javascript
last-modified: Thu, 12 Jan 2023 08:13:48 GMT
etag: W/"63bfc13c-eca"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puF%2Fi5UXCSGj7Jt%2FamMRjsHJFTfJc2CCM%2BWhT2EMMH%2FCfHn9C1UsUo8HknOm4qohid9%2FPk%2B4x1anhAP8kZYLH2qF6CaCxJy41ifpoemavAeiotyeAHFkdNuUhSXmq9Afeqc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 791549609e9d0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sat.mengapemic.net/ie/e?m=MzVhMDFkN2VjMTIxMDA4MzlkMmQyMzZmZjRlYWVjMTEgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxMzc0ODBjMTAyODc5bDgzNjRnbm9wMTIzMV8mZW5jb2RlZF91cmw9YzNCdmNuUnpJeUV2WVhWMGFDOXlaV2RwYzNSbGNqOXdiM0IxY0E9PQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D
203.30.191.209200 OK 0 B URL HTTP/2 sat.mengapemic.net/ie/e?m=MzVhMDFkN2VjMTIxMDA4MzlkMmQyMzZmZjRlYWVjMTEgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxMzc0ODBjMTAyODc5bDgzNjRnbm9wMTIzMV8mZW5jb2RlZF91cmw9YzNCdmNuUnpJeUV2WVhWMGFDOXlaV2RwYzNSbGNqOXdiM0IxY0E9PQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
GET /ie/e?m=MzVhMDFkN2VjMTIxMDA4MzlkMmQyMzZmZjRlYWVjMTEgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxMzc0ODBjMTAyODc5bDgzNjRnbm9wMTIzMV8mZW5jb2RlZF91cmw9YzNCdmNuUnpJeUV2WVhWMGFDOXlaV2RwYzNSbGNqOXdiM0IxY0E9PQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D HTTP/1.1
Host: sat.mengapemic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:08:28 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 791549636f46b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.888casino.com/promotions/welcome-bonus-offer/
54.230.111.96200 OK 0 B URL HTTP/2 www.888casino.com/promotions/welcome-bonus-offer/
IP 54.230.111.96:0
GET /promotions/welcome-bonus-offer/ HTTP/1.1
Host: www.888casino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Sun, 29 Jan 2023 22:08:28 GMT
x-wcs-correlation-id: jMSJraYoKjORMWrjB4RpcootF_uhYG5KGkiFLf8pZypg3fUu88coXw==
srv: 44302334
p3p: CP="Read our privacy policy at http://www.888.com/security-and-privacy/privacy-policy.htm"
content-security-policy: frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com
set-cookie: 888Cookie=isftd%3Dfalse%26isreal%3Dfalse%26lang%3Den%26OSR%3D485693%26RefType%3DNoReferrer%26TestData%3D%7B%22orig-lp%22%3A%22https%3A%2F%2Fwww.888casino.com%2Fpromotions%2Fwelcome-bonus-offer%2F%22%2C%22referrer%22%3A%22NULL%22%7D; max-age=604800; domain=888casino.com; path=/; secure; samesite=none; httponly
apigw-requestid: fhouehMmDoEEJ7w=
content-encoding: br
vary: Accept-Encoding,User-Agent,Cookie
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: jMSJraYoKjORMWrjB4RpcootF_uhYG5KGkiFLf8pZypg3fUu88coXw==
X-Firefox-Spdy: h2
laughing-lemur.com/api/site
116.203.124.201404 Not Found 0 B URL HTTP/2 laughing-lemur.com/api/site
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
POST /api/site HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://laughing-lemur.com/WW/SB/
Content-Type: application/json
Origin: https://laughing-lemur.com
Content-Length: 233
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 29 Jan 2023 22:08:27 GMT
content-type: text/html
content-encoding: gzip
X-Firefox-Spdy: h2